Vulnerability in Oracle Email Center of Oracle E-Business Suite
CVE-2019-2600

8.2HIGH

Key Information:

Vendor: Oracle
Status: Email Center
Vendor: CVE Published:; 23 April 2019

Summary

An access control vulnerability exists in the Oracle Email Center component of Oracle E-Business Suite that allows unauthenticated attackers with network access via HTTP to compromise the system. This vulnerability requires human interaction from a person other than the attacker. Although the vulnerability pertains specifically to Oracle Email Center, successful exploitation can lead to unauthorized access to sensitive data, including the ability to update, insert, or delete records in the accessible data of Oracle Email Center. This could have significant implications for additional interconnected components within the E-Business Suite.

Affected Version(s)

Email Center 12.1.1

Email Center 12.1.2

Email Center 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018